Author: carljm
Date: 2011-06-10 09:18:40 -0700 (Fri, 10 Jun 2011)
New Revision: 16361
Modified:
django/trunk/docs/ref/contrib/csrf.txt
Log:
Refs #15855 -- Recommended the csrf_protect decorator rather than
vary_on_cookie as workaround for cache_page caching the response before it gets
to middleware.
Modified: django/trunk/docs/ref/contrib/csrf.txt
===================================================================
--- django/trunk/docs/ref/contrib/csrf.txt 2011-06-10 15:14:36 UTC (rev
16360)
+++ django/trunk/docs/ref/contrib/csrf.txt 2011-06-10 16:18:40 UTC (rev
16361)
@@ -238,15 +238,16 @@
(``UpdateCacheMiddleware`` goes before all other middleware).
However, if you use cache decorators on individual views, the CSRF middleware
-will not yet have been able to set the Vary header. In this case, on any views
-that will require a CSRF token to be inserted you should use the
-:func:`django.views.decorators.vary.vary_on_cookie` decorator first::
+will not yet have been able to set the Vary header or the CSRF cookie, and the
+response will be cached without either one. In this case, on any views that
+will require a CSRF token to be inserted you should use the
+:func:`django.views.decorators.csrf.csrf_protect` decorator first::
from django.views.decorators.cache import cache_page
- from django.views.decorators.vary import vary_on_cookie
+ from django.views.decorators.csrf import csrf_protect
@cache_page(60 * 15)
- @vary_on_cookie
+ @csrf_protect
def my_view(request):
# ...
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
